Debian Package Tracker

general

source: spice-gtk (main)
version: 0.37-1
maintainer: Liang Guo (DMD)
arch: any
std-ver: 4.4.0
VCS: Git (Browse, QA)

versions [more versions can be listed by madison] [old versions available from snapshot.debian.org]

[pool directory]

o-o-stable: 0.25-1
o-o-sec: 0.25-1+deb8u1
oldstable: 0.33-3.3+deb9u1
stable: 0.35-2
testing: 0.37-1
unstable: 0.37-1

versioned links

0.25-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.25-1+deb8u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.33-3.3+deb9u1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.35-2: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]
0.37-1: [.dsc, use dget on this link to retrieve source package] [changelog] [copyright] [rules] [control]

binaries

gir1.2-spiceclientglib-2.0
gir1.2-spiceclientgtk-3.0
libspice-client-glib-2.0-8 (1 bugs: 0, 1, 0, 0)
libspice-client-glib-2.0-dev
libspice-client-gtk-3.0-5
libspice-client-gtk-3.0-dev
spice-client-glib-usb-acl-helper (1 bugs: 0, 1, 0, 0)
spice-client-gtk (2 bugs: 0, 1, 1, 0)

action needed

1 security issue in bullseye high

There is 1 open security issue in bullseye.

1 important issue:

CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Please fix it.

Created: 2019-07-07 Last update: 2019-10-21 00:30

1 security issue in sid high

There is 1 open security issue in sid.

1 important issue:

CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Please fix it.

Created: 2018-03-15 Last update: 2019-10-21 00:30

Depends on packages which need a new maintainer normal

The packages that spice-gtk depends on which need a new maintainer are:

spice-protocol (#911429)
- Build-Depends: libspice-protocol-dev
- Depends: libspice-protocol-dev
usbredir (#911431)
- Build-Depends: libusbredirhost-dev
- Depends: libusbredirhost1 libusbredirparser1 libusbredirhost1 libusbredirparser1

Created: 2019-11-22 Last update: 2020-01-18 18:37

Multiarch hinter reports 2 issue(s) normal

There are issues with the multiarch metadata for this package.

libspice-client-glib-2.0-dev could be marked Multi-Arch: same
libspice-client-gtk-3.0-dev could be marked Multi-Arch: same

Created: 2018-09-09 Last update: 2020-01-18 14:07

version in VCS is newer than in repository, is it time to upload? normal

vcswatch reports that this package seems to have a new changelog entry (version 0.37-2, distribution UNRELEASED) and new commits in its VCS. You should consider whether it's time to make an upload.

Here are the relevant commit messages:

commit 6a7f3cb7ee68d555aed5bd1beaa3070a4d649da2
Author: Laurent Bigonville <bigon@debian.org>
Date:   Tue Aug 6 11:25:27 2019 +0200

    debian/copyright: Fix the path for the spice-common files

commit 307e426c93c64829e922ee0f32bde7f3b75b6094
Author: Laurent Bigonville <bigon@debian.org>
Date:   Mon Aug 5 13:44:07 2019 +0200

    debian/control: Remove obsolete Breaks/Replaces

commit a9cf824f741b80d8cf0b3b3a4bb0e3ea3389cdfd
Author: Laurent Bigonville <bigon@debian.org>
Date:   Mon Aug 5 13:36:44 2019 +0200

    debian/control: libva-dev is only available on linux architectures

commit 1d302d05d16437a8e09ab99e0e4191112a05268c
Author: Laurent Bigonville <bigon@debian.org>
Date:   Fri Aug 2 18:10:13 2019 +0200

    debian/control: Mark the -dev packages as Multi-Arch: same

Created: 2018-10-01 Last update: 2020-01-15 18:38

RFA: The maintainer wants to pass over package maintainance. normal

The current maintainer is looking for someone who can take over maintenance of this package. If you are interested in this package, please consider taking it over. Alternatively you may want to be co-maintainer in order to help the actual maintainer. Please see bug number #911428 for more information.

Created: 2018-10-20 Last update: 2018-10-20 03:32

1 ignored security issue in buster low

There is 1 open security issue in buster.

1 issue skipped by the security teams:

CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.

Please fix it.

Created: 2018-03-15 Last update: 2019-10-21 00:30

2 ignored security issues in jessie low

There are 2 open security issues in jessie.

2 issues skipped by the security teams:

CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.

Please fix them.

Created: 2018-03-15 Last update: 2019-10-21 00:30

3 ignored security issues in stretch low

There are 3 open security issues in stretch.

3 issues skipped by the security teams:

CVE-2018-10873: A vulnerability was discovered in SPICE before version 0.14.1 where the generated code used for demarshalling messages lacked sufficient bounds checks. A malicious client or server, after authentication, could send specially crafted messages to its peer which would result in a crash or, potentially, other impacts.
CVE-2018-10893: Multiple integer overflow and buffer overflow issues were discovered in spice-client's handling of LZ compressed frames. A malicious server could cause the client to crash or, potentially, execute arbitrary code.
CVE-2017-12194: A flaw was found in the way spice-client processed certain messages sent from the server. An attacker, having control of malicious spice-server, could use this flaw to crash the client or execute arbitrary code with permissions of the user running the client. spice-gtk versions through 0.34 are believed to be vulnerable.

Please fix them.

Created: 2018-03-15 Last update: 2019-10-21 00:30

Build log checks report 2 warnings low

Build log checks report 2 warnings

Created: 2017-10-26 Last update: 2019-08-03 02:09

Standards version of the package is outdated. wishlist

The package should be updated to follow the last version of Debian Policy (Standards-Version 4.4.1 instead of 4.4.0).

Created: 2019-09-29 Last update: 2019-09-29 23:40

news

[rss feed]

[2019-08-08] spice-gtk 0.37-1 MIGRATED to testing (Debian testing watch)
[2019-08-02] Accepted spice-gtk 0.37-1 (source) into unstable (Laurent Bigonville)
[2018-10-27] Accepted spice-gtk 0.33-3.3+deb9u1 (source) into proposed-updates->stable-new, proposed-updates (Salvatore Bonaccorso)
[2018-09-13] spice-gtk 0.35-2 MIGRATED to testing (Debian testing watch)
[2018-09-08] Accepted spice-gtk 0.35-2 (source amd64) into unstable (Laurent Bigonville)
[2018-09-05] Accepted spice-gtk 0.35-1 (source amd64) into unstable (Laurent Bigonville)
[2018-09-05] spice-gtk 0.34-1.2 MIGRATED to testing (Debian testing watch)
[2018-08-31] Accepted spice-gtk 0.25-1+deb8u1 (source amd64) into oldstable (Mike Gabriel)
[2018-08-30] Accepted spice-gtk 0.34-1.2 (source amd64) into unstable (Jeremy Bicha) (signed by: Laurent Bigonville)
[2017-09-05] spice-gtk 0.34-1.1 MIGRATED to testing (Debian testing watch)
[2017-08-31] Accepted spice-gtk 0.34-1.1 (source amd64) into unstable (Laurent Bigonville)
[2017-08-28] Accepted spice-gtk 0.34-1 (source amd64) into unstable, unstable (Liang Guo)
[2017-01-25] spice-gtk 0.33-3.3 MIGRATED to testing (Debian testing watch)
[2017-01-14] Accepted spice-gtk 0.33-3.3 (source) into unstable (intrigeri)
[2016-12-30] Accepted spice-gtk 0.33-3.2 (source) into unstable (intrigeri)
[2016-12-15] Accepted spice-gtk 0.33-3.1 (source) into unstable (Andrey Rahmatullin)
[2016-10-30] spice-gtk 0.33-3 MIGRATED to testing (Debian testing watch)
[2016-10-25] Accepted spice-gtk 0.33-3 (source amd64) into unstable (Liang Guo)
[2016-10-24] Accepted spice-gtk 0.33-2 (source amd64) into unstable (Liang Guo)
[2016-10-19] spice-gtk 0.33-1 MIGRATED to testing (Debian testing watch)
[2016-10-13] Accepted spice-gtk 0.33-1 (source amd64) into unstable (Liang Guo)
[2016-08-03] spice-gtk 0.32-1 MIGRATED to testing (Debian testing watch)
[2016-07-28] Accepted spice-gtk 0.32-1 (source amd64) into unstable, unstable (Liang Guo)
[2016-01-05] spice-gtk 0.30-1 MIGRATED to testing (Debian testing watch)
[2015-12-25] Accepted spice-gtk 0.30-1 (source amd64) into unstable (Liang Guo)
[2015-09-03] spice-gtk 0.29-1 MIGRATED to testing (Britney)
[2015-08-29] Accepted spice-gtk 0.29-1 (source amd64) into unstable (Liang Guo)
[2015-08-25] Accepted spice-gtk 0.28-1.1 (source amd64) into unstable (Laurent Bigonville)
[2015-06-23] Accepted spice-gtk 0.28-1 (source amd64) into unstable, unstable (Liang Guo)
[2014-11-12] Accepted spice-gtk 0.26-2 (source amd64) into experimental (Liang Guo)

bugs [bug history graph]

all: 7
RC: 0
I&N: 6
M&W: 1
F&P: 0
patch: 0

links

homepage
lintian
buildd: logs, checks, clang, reproducibility, cross
popcon
browse source code
edit tags
security tracker

ubuntu

[Information about Ubuntu for Debian Developers]

version: 0.37-0ubuntu1
3 bugs
patches for 0.37-0ubuntu1